Security News > 2020 > March > Hackers Used Local News Sites to Install Spyware On iPhones

A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices.

According to research published by Trend Micro and Kaspersky, the "Operation Poisoned News" attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control.

Using Malicious Links as Bait to Install Spyware The campaign uses fake links posted on multiple forums, all popular with Hong Kong residents, that claim to lead to various news stories related to topics that are either sex-related, clickbait, or news related to the ongoing COVID-19 coronavirus pandemic.

"The only visible iframe leads to a legitimate news site, which makes people believe they are visiting the said site. One invisible iframe was used for website analytics; the other led to a site hosting the main script of the iOS exploits."

"DmsSpy's download and command-and-control servers used the same domain name as one of the watering holes used by the iOS component of Poisoned News," the researchers observed.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/hiuBLzRe-2k/iphone-iOS-spyware.html